UK firms unprepared for IT disaster

UK firms are playing Russian Roulette with their IT systems because they have no adequate contingency plans to deal with problems such as terrorist attacks or computer viruses.

According to research by the Chartered Management Institute (CMI), more than half of British businesses do not have any kind of business continuity plan and "are displaying a dangerously cavalier attitude towards confronting disruption".

The CMI study, published in association with the Business Continuity Institute and Colt Telecom, warned that complacency remains a major issue despite wake-up calls from incidents as diverse as flooding, power cuts, terrorism and rapidly spreading internet viruses.

The research even reveals that many of the 47 per cent of organisations that do have plans do not know if they would work in practice. Only 57 per cent tested their plans annually or more frequently.

One in 10 of those with a plan also admitted they have not made changes even when they discover shortcomings as a result of testing.

John Sharp, chief executive of The Business Continuity Institute, said in a statement: "We are very concerned that many UK organisations continue to bury their heads in the sand.

"Business continuity management helps to prevent and prepare for disruption to normal business operations, and can save an organisation and its employees if disaster strikes. Without it, organisations can suffer enormous - sometimes terminal - damage.

"If nothing else, we are urgently calling upon UK businesses to do two things: develop a business continuity plan for their organisation and test it at least once a year. Not to do so is playing with fire."

The study reported that areas such as business reputation and people are especially under-protected. While loss of skills, loss of people (both 48 per cent) and negative publicity (46 per cent) are viewed as areas that could have a negative impact on costs or revenues, they are ignored by many business continuity plans.

Christine Hayhurst, director of professional affairs at the CMI, said in a statement: "Many organisations are playing Russian Roulette with their greatest assets - their staff and their reputation.

"At best, failure to provide contingency plans for loss of people or individuals with specific skills can lead to unnecessary pressures in the workplace. At worst, it could close businesses and ruin reputations."

The research found that most plans cover only four kinds of disruption: loss of IT (84 per cent), telecoms (65 per cent), site (64 per cent) and fire (60 per cent).

Chartered Management Institute

The Business Continuity Institute